RE: [Pki-users] Token Cert Profile Question
Thanks.
Where is it specified the type of token to use in the enrollement process?
Thanks
Sean
-----Original Message-----
From: Jack Magne [mailto:jmagne@redhat.com]
Sent: Monday, January 19, 2009 7:49 PM
To: Veale, Sean
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] Token Cert Profile Question
Sean:
Yes, we have a profile for each cert.
If you look in the CS.cfg in /var/lib/pki-tps/conf, you will see that for
each type of token (ie userKey), there is a list of key "types" that are
generated.
For an example of 3 types look for the string:
op.enroll.soKeyTemporary.keyGen.keyType.num=3
The subsequent lines show how a 3rd auth cert is generated.
Veale, Sean wrote:
I currently have a CS setup where using Gemalto tokens, I can see
that
an signing and encryption certs are written to the card. What
profile(s) in the /var/lib/<ca instance>/profile directory is used to
generate the certs in a default dogtag setup?
I noticed there is both a caTokenUserEncryptionKeyEnrollment.cfg and
caTokenUserSigningLeyEnrollment.cfg profiles in the directory that
seem to correspond to each of the certs created on the token. That is
a bit odd to me as I though it usually was one profile that would have
multiple policysets to handle 2 certs not a seperate profile for each?
The basic question is I'd like to modify the configuration so a third
cert is created on the card (to be used for authentication) beyond the
email signing and encryption certs. Anyone know how to do that?
Thanks
Sean
----------------------------------------------------------------------
--
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
Attachments:
- smime.p7s (application/x-pkcs7-signature — 6.2 KB)